kernel, perf, python security update

CentOS Errata and Security Advisory CESA-2020:2430 An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

hw: Special Register Buffer Data Sampling (SRBDS)

A new domain bypass transient execution attack known as Special Register Buffer Data Sampling SRBDS has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this fl...

SUSE-SU-2020:1601-1 Security update for ucode-intel

This update for ucode-intel fixes the following issues: Updated Intel CPU Microcode to 20200602 prerelease bsc1172466 This update contains security mitigations for: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores...

SUSE-SU-2020:1597-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called...

SUSE-SU-2020:14394-1 Security update for microcode_ctl

This update for microcodectl fixes the following issues: Updated Intel CPU Microcode to 20200602 prerelease bsc1172466 This update contains security mitigations for: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores...

Security update for ucode-intel (moderate)

openSUSE Security Update: Security update for ucode-intel Announcement ID: openSUSE-SU-2020:0791-1 Rating: moderate References: 1154824 1156353 1172466 Cross-References: CVE-2020-0543 CVE-2020-0548 CVE-2020-0549 Affected Products: openSUSE Leap 15.1 An update that fixes three vulnerabilities is n...

Moderate: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

hw: Special Register Buffer Data Sampling (SRBDS)

A new domain bypass transient execution attack known as Special Register Buffer Data Sampling SRBDS has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this fl...

Moderate: Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update

Updated microcodectl packages that fix several security bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Intel CPU issues

Intel reports: Intel CPUs suffer Special Register Buffer Data Sampling vulnerability...

Security Bulletin: IBM Cloud Pak System is vulnerable to Intel Microarchitectural Data Sampling (MDS) Vulnerabilites

Summary Potential security vulnerabilities in CPUs may allow information disclosure. Vulnerability Details CVEID: CVE-2019-11091 DESCRIPTION: Microarchitectural Data Sampling Uncacheable Memory MDSUM: Uncacheable memory on some microprocessors utilizing speculative execution may allow an...

Load Value Injection (LVI) speculative side channel

ISSUE DESCRIPTION This is very closely related to the Microarchitectural Data Sampling vulnerabilities from May 2019. Please see https://xenbits.xen.org/xsa/advisory-297.html for details about MDS. A new way of using the micro-architectural details behind MDS has been identified. Instead of simpl...

Intel Releases Security Updates

Intel has released security updates to address vulnerabilities in multiple products. An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of privileges. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...

Intel SGX and Processor Side Channel Data Leakage Vulnerabilities - Lenovo Support US

No description provided...

New ‘CacheOut’ Attack Targets Intel CPUs

Researchers have identified a new speculative execution type attack, dubbed CacheOut, that could allow attackers to trigger data leaks from most Intel CPUs. The more serious of the two bugs, revealed Monday, is rated medium severity by Intel, who said fixes for both flaws are on the way. The more...

Intel Processors Side Channel Data Leakage Vulnerabilities - Lenovo Support US

No description provided...

New 'CacheOut' Attack Leaks Data from Intel CPUs, VMs and SGX Enclave

Another month, another speculative execution vulnerability found in Intel processors. If your computer is running any modern Intel CPU built before October 2018, it's likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data from the OS kernel,...

Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2019-2210)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM Netezza Firmware Diagnostics Support Tool is affected by the vulnerabilities known as Microarchitectural Data Sampling (MDS) Side Channel Vulnerabilities

Summary CVE-2018-12126 - Microarchitectural Store Buffer Data Sampling MSBDS CVSS Base Score: 6.5 Medium CVE-2018-12127 - Microarchitectural Load Port Data Sampling MLPDS CVSS Base Score: 6.5 Medium CVE-2018-12130 - Microarchitectural Fill Buffer Data Sampling MFBDS CVSS Base Score: 6.5 Medium...

RancherOS < 1.5.2 Intel Microarchitectural Data Sampling Local Information Disclosure

The remote host is running a version of RancherOS prior to v1.5.2, hences is exposed to an Information Disclosure Vulnerability. Microarchitectural Data Sampling MDS is a family of side channel attacks on internal buffers in Intel CPUs. CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-110...